Among other disclosed subject matter, a computer-implemented method includes executing a plurality of virtual machines on a physical machine, wherein a first virtual machine of the plurality of virtual machines executes an encryption process. Execution of a hostile process that is configured to compromise the encryption process is detected, wherein the hostile process executes in a second virtual machine of the plurality of virtual machines. Migrating at least the second virtual machine to a different second physical machine based on the detection of the execution of the hostile process.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A computer-implemented method comprising: executing a plurality of virtual machines on a first physical machine, wherein the first virtual machine of the plurality of virtual machines executes an encryption process; determining a count representing read accesses to a clock by a process executing on a second virtual machine of the plurality of virtual machines, wherein the clock is within a central processing unit of the physical machine; determining a rate of clock read accesses by the process; determining whether the rate of clock read accesses is beyond a clock read access threshold; and determining the process is a hostile process in response to a determination that the rate of clock read access is beyond the clock read access threshold.
2. The computer-implemented method of claim 1 , further comprising migrating a virtual machine performing the hostile process from the first physical machine to a second physical machine based on the determination of the hostile process, wherein the second physical machine is separate and distinct from the first physical machine.
3. The computer-implemented method of claim 2 , wherein migrating at least the second virtual machine further comprises migrating the first virtual machine to a third physical machine.
4. The computer-implemented method of claim 1 , wherein migrating at least the second virtual machine further comprises migrating the first virtual machine to the second physical machine at a time instance that is different than a time instance of migrating the second virtual machine.
5. The computer-implemented method of claim 4 , wherein the second physical machine is not hosting a virtual machine executing an encryption process.
6. The computer-implemented method of claim 1 , wherein the hostile process is configured to monitor events associated with the first virtual machine to determine a cryptographic key associated with the encryption process.
7. The computer-implemented method of claim 6 , wherein the events associated with the first virtual machine include cache accesses.
8. The computer-implemented method of claim 7 , wherein the cache accesses are associated with a cache associated with the physical machine.
9. A system comprising: a data processing apparatus; and a memory system storing instructions executable by the data processing apparatus and that upon execution by the data processing apparatus cause the data processing apparatus to perform operations comprising: executing a plurality of virtual machines on a first physical machine, wherein the first virtual machine of the plurality of virtual machines executes an encryption process; determining a count representing read accesses to a clock by a process executing on a second virtual machine of the plurality of virtual machines, wherein the clock is within a central processing unit of the physical machine; determining a rate of clock read accesses by the process; determining whether the rate of clock read accesses is beyond a clock read access threshold; and determining the process is a hostile process in response to a determination that the rate of clock read access is beyond the clock read access threshold.
10. The system of claim 9 , wherein the operations further comprising migrating a virtual machine performing the hostile process from the first physical machine to a second physical machine based on the determination of the hostile process, wherein the second physical machine is separate and distinct from the first physical machine.
11. The system of claim 10 , wherein migrating at least the second virtual machine further comprises migrating the first virtual machine to a third physical machine.
12. The system of claim 9 , wherein migrating at least the second virtual machine further comprises migrating the first virtual machine to the second physical machine at a time instance that is different than a time instance of migrating the second virtual machine.
13. The system of claim 12 , wherein the second physical machine is not hosting a virtual machine executing an encryption process.
14. The system of claim 9 , wherein the hostile process is configured to monitor events associated with the first virtual machine to determine a cryptographic key associated with the encryption process.
15. The system of claim 14 , wherein the events associated with the first virtual machine include cache accesses.
16. The system of claim 15 , wherein the cache accesses are associated with a cache associated with the physical machine.
17. A memory device storing instructions executable by the data processing apparatus and that upon execution by the data processing apparatus cause the data processing apparatus to perform operations comprising: executing a plurality of virtual machines on a first physical machine, wherein the first virtual machine of the plurality of virtual machines executes an encryption process; determining a count representing read accesses to a clock by a process executing on a second virtual machine of the plurality of virtual machines, wherein the clock is within a central processing unit of the physical machine; determining a rate of clock read accesses by the process; determining whether the rate of clock read accesses is beyond a clock read access threshold; and determining the process is a hostile process in response to a determination that the rate of clock read access is beyond the clock read access threshold.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
July 15, 2014
February 2, 2016
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.